Method to secure protected content on a mobile device

ABSTRACT

A method and device for securing data accessed by a mobile device. The mobile device detects a request to record content displayed on a display of the mobile device. A determination is then made regarding whether the content that was displayed on the screen when the request to record was received is protected content. If the displayed content was protected, then a third party is notified that a security breach has been detected. A remedial action is also performed regarding the security breach.

TECHNICAL FIELD

The present invention relates to data security and, more particularly,to a method and system for securing electronic data on a mobile device.

BACKGROUND OF THE INVENTION

Mobile devices are frequently being used to access sensitive andprotected data. For example, healthcare professionals are able toreceive the results of medical tests, view diagnostic images, and reviewpatient records using mobile devices. As the amount of electronic datahas dramatically increased over the past decade, so have the number ofdata breaches, resulting in billions of private records being stolen.For this reason, much research has gone into improved methods ofsecuring data.

Current methods for protecting data generally utilize sophisticatedencryption schemes and/or multi-factor authentication in order to ensurethat only authorized users gain access to the data. These currentmethods “trigger” on “who” is accessing the data and the current methodsare typically constructed and deployed as “layers” of security startingpotentially as true physical layers at the perimeter and culminating asencrypt/decrypt schemes.

SUMMARY OF THE INVENTION

The methods for protecting data described above do not adequatelyprotect user data. For example, the above security measures do nothingto prevent a user that has the correct access credentials from copyingand transferring protected data. This problem is particularly prevalentin mobile devices where a user (authorized or otherwise) can simplyperform a screen capture of the protected data. At this point, the useris free to transfer the screen capture of the protected data. This is aproblem unique to mobile devices in that the devices are frequentlytaken into public and are capable of accessing sensitive data. In thisway, if a user leaves their phone unlocked in public, a third party canpick up the phone and take a screen capture of the data. The screencapture can be transferred from the phone without the user ever beingaware. Mobile devices, unlike personal computers and physical paperwork,are taken frequently into public places and are more likely to be leftunattended on a table, in a bag, etc. than a print out of sensitive dataor a computer would be.

The present disclosure provides a method for securing data by detectinga request to record content, determining whether the content to berecorded is protected, notifying a third party that a security breachhas been detected, and performing a remedial action.

According to one aspect of the disclosure, there is provided a mobiledevice configured to prevent electronic data from being compromised. Themobile device includes: a non-transitory computer readable memory, anetwork interface, a display configured to display protected content andnon-protected content, and a processor. The processor is configured toaccess protected content and detect a security breach. The processordetects a security breach by: receiving a request to record contentcurrently displayed on the display; detecting the content displayed onthe display when the request to record currently displayed content wasreceived; and determining that the content displayed on the display whenthe request was received is the protected content. If a security breachis detected, the processor notifies a third party via the networkinterface that the security breach occurred and performs a remedialaction.

Alternatively or additionally, the content is determined to be protectedcontent if an application executed by the processor and generating thecontent being displayed is flagged as a protected application.

Alternatively or additionally, the processor is configured to determinethat the content displayed on the display when the request was receivedis the protected content by: notifying an application generating thecontent being displayed that the request to record content was receivedand receiving from the application an indication that the content beingdisplayed is the protected content.

Alternatively or additionally, the notification that the security breachoccurred includes information identifying at least one of the mobiledevice or a user of the mobile device.

Alternatively or additionally, the identifying information includes atleast one of a username, a geo-location of the device, a deviceidentifier, or an image captured by a camera of the mobile device afterthe request to record was received.

Alternatively or additionally, the notification to the third partyincludes multiple notifications sent to different network locations.

Alternatively or additionally, the notification that the security breachoccurred includes a record of the content displayed on the display whenthe request was received.

Alternatively or additionally, the remedial action includes at least oneof deleting data stored on the mobile device, capturing an image of auser of the mobile device when the request to capture a screen shot wasreceived, disabling the mobile device, or disabling login credentialsused to access the protected content.

Alternatively or additionally, the processor performs the remedialaction after receiving a request via the network interface to performthe remedial action.

According to another aspect of the disclosure, there is provided amethod to prevent data viewed on a mobile device from being compromised.The method includes receiving a request to record content currentlydisplayed on a display of the mobile device and detecting the contentdisplayed on the display when the request to record currently displayedcontent was received. The method also includes determining if thecontent displayed on the display when the request was received is theprotected content. If the content displayed when the request wasreceived is the protected content: the method notifies a third party viaa network interface of the mobile device that the security breachoccurred and performs a remedial action.

Alternatively or additionally, the content is determined to be protectedcontent if an application generating the content being displayed isflagged as a protected application.

Alternatively or additionally, the content displayed on the display whenthe request was received is determined to be the protected content by:notifying an application generating the content being displayed that therequest to record content was received and receiving from theapplication an indication that the content being displayed is theprotected content.

Alternatively or additionally, the notification that the security breachoccurred includes information identifying at least one of the mobiledevice or a user of the mobile device.

Alternatively or additionally, the identifying information includes atleast one of a username, a geo-location of the device, a deviceidentifier, or an image captured by a camera of the mobile device afterthe request to record was received.

Alternatively or additionally, the notification that the security breachoccurred includes a record of the content displayed on the display whenthe request was received.

Alternatively or additionally, the remedial action includes at least oneof deleting data stored on the mobile device, capturing an image of auser of the mobile device when the request to capture a screen shot wasreceived, disabling the mobile device, or disabling login credentialsused to access the protected content.

Alternatively or additionally, the remedial action is performed afterreceiving a request to perform the remedial action.

According to a further aspect of the disclosure, there is provided asystem configured to prevent data viewed on a mobile device from beingcompromised. The system includes a mobile device including: anon-transitory computer readable memory, a network interface, and adisplay. The mobile device also includes a processor configured toaccess protected content and detect a security breach by: receiving arequest to record content currently displayed on the display, detectingthe content displayed on the display when the request to recordcurrently displayed content was received;, and determining that thecontent displayed on the display when the request was received is theprotected content. If a security breach is detected, the processor sendsa notification to a third party computer via the network interface. Thenotification indicates that the security breach occurred. The systemalso includes a third party computer. The third party computer includesa communication interface configured to communicate with the networkinterface of the mobile device and receive the notification from themobile device and a processor. The processor of the third party computeris configured to: receive the notification from the communicationinterface, determine the nature of the protected content displayed onthe display when the request was received, based on the nature of theprotected content and the user of the mobile device, determine aremedial action to perform, and send an indication of the remedialaction to perform to the mobile device. The notification includesinformation regarding the protected content displayed on the displaywhen the request was received and a user of the mobile device. Theprocessor of the mobile device is further configured to perform theremedial action indicated by the third party computer.

A number of features are described herein with respect to embodiments ofthis disclosure. Features described with respect to a given embodimentalso may be employed in connection with other embodiments.

For a better understanding of the present disclosure, together withother and further aspects thereof, reference is made to the followingdescription, taken in conjunction with the accompanying drawings. Thescope of the disclosure is set forth in the appended claims, which setforth in detail certain illustrative embodiments. These embodiments areindicative, however, of but a few of the various ways in which theprinciples of the disclosure may be employed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram representing a system for protectingelectronic data accessed via a mobile device.

FIG. 2 is a ladder diagram illustrating communication between theoperating system, application, display, and server within the system ofFIG. 1.

FIG. 3 is a flow diagram representing a method for protecting electronicdata accessed via a mobile device.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is now described in detail with reference to thedrawings. In the drawings, each element with a reference number issimilar to other elements with the same reference number independent ofany letter designation following the reference number. In the text, areference number with a specific letter designation following thereference number refers to the specific element with the number andletter designation and a reference number without a specific letterdesignation refers to all elements with the same reference numberindependent of any letter designation following the reference number inthe drawings.

It should be appreciated that many of the elements discussed in thisspecification may be implemented in a hardware circuit(s), a processorexecuting software code or instructions which are encoded withincomputer readable media accessible to the processor, or a combination ofa hardware circuit(s) and a processor or control block of an integratedcircuit executing machine readable code encoded within a computerreadable media. As such, the term circuit, module, server, application,or other equivalent description of an element as used throughout thisspecification is, unless otherwise indicated, intended to encompass ahardware circuit (whether discrete elements or an integrated circuitblock), a processor or control block executing code encoded in acomputer readable media, or a combination of a hardware circuit(s) and aprocessor and/or control block executing such code.

The present disclosure provides a method and device for securing dataaccessed by a mobile device. The mobile device detects a request torecord content displayed on a display of the mobile device. Adetermination is then made regarding whether the content that wasdisplayed on the screen when the request to record was received isprotected content. If the displayed content was protected, then a thirdparty is notified that a security breach has been detected. A remedialaction is also performed regarding the security breach.

FIG. 1 depicts a system 10 for preventing electronic data from beingcompromised. In particular, the system prevents protected content frombeing copied and transferred from the mobile device. The system 10includes a mobile device 12 and a server 14. The mobile device 12includes a processor 20 and a memory 22 storing an application 24 and anoperating system 28. The application 24 and operating system 28 areexecutable programs that are executed by the processor 20 of the mobiledevice 12. The application 24 generates content that is displayed on adisplay 30 of the mobile device. Some of the content displayed on thedisplay 30 is the protected content.

The server 14 may be a computer system of one or more computers orservers. The mobile device 12 may comprise a cellular phone, smartphone, tablet, or any other portable electronic device capable ofexecuting the application 24 and operating system 28. The mobile device12 and server 14 each include at least a processor, a network interface,and non-transitory computer readable medium. The computer readablemedium may include encoded thereon instructions for interfacing with thecorresponding network interface and reading and writing data to thecorresponding computer readable medium. The computer readable medium mayalso include computer programs (including the application 24) comprisinginstructions embodied thereon that are executed by the correspondingprocessor.

The mobile device 12 includes a display 30 configured to displayprotected content and non-protected content. The display 30 may compriseany suitable display for rendering content, such as a liquid crystaldisplay (LCD), organic light-emitting diode (OLED), light-emitting diode(LED), electronic ink (E-ink), etc. The content displayed by the display30 may be determined by the operating system 28 and/or applicationsexecuted by the processor 20 of the mobile device 12. For example, theapplication 24 may access protected content 26 stored on the server 14and display the protected content on the display 30.

The processor 20 is configured to access the protected content 26. Forexample, as explained above, the processor 20 may execute theapplication 24 that accesses protected content 26 stored on the server14. Alternatively, the protected content 26 may be stored on thenon-transitory computer readable medium 22 of the mobile device 12 andaccessed by the application 24.

As will be understood by one of ordinary skill in the art, the processor20 may have various implementations. For example, the processor 20 mayinclude any suitable device, such as a programmable circuit, integratedcircuit, memory and I/O circuits, an application specific integratedcircuit, microcontroller, complex programmable logic device, otherprogrammable circuits, or the like. The processor 20 may also include anon-transitory computer readable medium, such as random access memory(RAM), a read-only memory (ROM), an erasable programmable read-onlymemory (EPROM or Flash memory), or any other suitable medium. Theprocessor 20 may be communicatively coupled to the computer readablemedium 22 and network interface 32 through a system bus, mother board,or using any other suitable structure known in the art.

The processor 20 is also configured to detect a security breach. Theprocessor 20 detects the security breach by receiving a request 56 torecord content currently displayed on the display 30. The request 56 torecord content may comprise a user attempting to perform a screencapture of content currently being displayed on the display 30. Therequest 56 to perform a screen capture may be initiated by a userpressing a predefined combination of keys on an input 34 of the mobiledevice 12. For example, by simultaneously pushing a physical powerbutton and a physical home screen button of the mobile device 12.

Upon receiving the request 56 to record content currently displayed, theprocessor 20 is configured to determine whether the content displayed onthe display 30 when the request was received is protected content 26.That is, the processor 20 is configured to determine whether thedisplayed content was protected content or non-protected content. Theprocessor 20 may determine that the content being displayed is protectedcontent 26 if an application 24 (executed by the processor 20)generating the content being displayed is flagged as a protectedapplication. That is, the application 24 may be flagged as a protectedapplication such that any content being generated by the application 24is assumed to be protected content 26. An application 24 may be flaggedas a protected application if the process id, the name of theapplication, the location and name of the executable file, or any othersuitable identifying characteristic of the application is stored in adatabase or list of protected applications stored on the non-transitorycomputer readable medium 22.

Alternatively or additionally, the processor 20 may notify theapplication 24 generating the content that a request 56 to record wasreceived. The application 24 may then indicate whether the content beingdisplayed was protected content 26 when the request 56 was received. Inthis way, an application 24 that displays both protected andnon-protected content may determine the type of content that was beingdisplayed when the request 56 was received. Upon determining the type ofcontent displayed when the request 56 was received, the application 24may notify the operating system 28 whether the content was protectedcontent 26. For example, the application 24 may determine whethercontent currently displayed is protected content 26 based on anidentifier associated with the content, the location the content wasaccessed from, or using any other tag or identifier capable of labelingcontent as protected content or non-protected content. The application24 may also store a historical record of when protected content wasdisplayed over a limited duration of time. For example, the application24 may store a record of when protected content was displayed over thepast 10 seconds, 2 seconds, 1 second, 200 milliseconds, or any othersuitable duration of time.

If it is determined that the content being displayed when the request 56was received is protected content 26, then the processor 20 determinesthat a security breach is detected. If a security breach is detected,the processor 20 is configured to optionally notify a third party thatthe security breach occurred and/or perform a remedial action.

The mobile device 12 may notify a third party computer (e.g., the server14) that a security breach occurred via the network interface 32. Thatis, the processor 20 may cause the network interface 32 to send anotification via a network 44 that the security breach occurred. As willbe understood by one of ordinary skill in the art, the network 44 maycomprise a private network, the internet, a wired network, a wirelessnetwork, or any other suitable network allowing the mobile device 12 andthe third party to communicate with one another.

The mobile device 12 is not limited to notifying a single computerdevice that a security breach occurred, but may instead notify multipledevices (e.g., more than one server) that a security breach occurred.That is, the notification to the third party may include multiplenotifications sent to different network locations. The parties notifiedwhen a breach occurred may be determined by the application 24generating the protected content 26. Additionally, the parties contactedmay be determined based upon the content being displayed when thesecurity breach occurred. For example, there may be multiple tiers ofprotected content 26 (e.g., low, medium, and high). In this example, ifa security breach occurred while low tier protected content 26 wasdisplayed, then a first server 14 a may be notified. If a securitybreach occurred while medium tier protected content 26 was displayed,then a second server 14 b (in place of or in addition to the firstserver 14 a) may be notified (or no notification may be sent). If asecurity breach occurred while high tier protected content 26 wasdisplayed, then a third server 14 c (in place of or in addition to thefirst server 14 a and second server 14 b) may be notified.

The notification that the security breach occurred may includeinformation identifying at least one of the mobile device or a user ofthe mobile device. The identifying information may include any suitableinformation for identifying the mobile device 12 or a user of the mobiledevice, including a username used to sign into the mobile device 12 orused to access the protected content 26, a geo-location of the device12, a device identifier, or an image captured by a camera of the mobiledevice after the request to record was received. The device identifiermay comprise a MAC address, a serial number, or any information used touniquely identify the mobile device 12. The notification that thesecurity breach occurred may additionally or alternatively include arecord of the content displayed on the display when the security breachoccurred.

The processor 20 is also configured to perform a remedial action upondetecting a security breach. The remedial action may be performedbefore, after, or in place of notifying a third party as describedpreviously. The remedial action may include deleting data stored on themobile device, capturing an image of a user of the mobile device whenthe request to capture a screen shot was received, disabling the mobiledevice, and/or disabling login credentials used to access the protectedcontent. The remedial action may be specified by the application 24 ormay be initiated by the third party notified of the security breach. Forexample, upon receiving the notification of the security breach, theserver 14 may instruct the processor 20 to perform a given remedialaction. This instruction may be sent to the mobile device 12 via thenetwork 44. In this example, the processor 20 performs the remedialaction after receiving a request via the network interface 44 to performthe remedial action. In one example, a default remedial action may beinitiated by the application 24 (e.g., disabling login credentials) andinstruction to perform an additional or alternative remedial action(e.g., disabling the mobile device) may be sent by the third party.

In one embodiment, the third party computer receiving the notificationof the security breach includes a communication interface configured tocommunicate with the network interface of the mobile device and receivethe notification from the mobile device. The third party computer alsoincludes a processor configured to receive the notification from thecommunication interface. In this embodiment, the notification includesinformation regarding the protected content displayed on the displaywhen the request was received and a user of the mobile device. Theprocessor determines the nature of the protected content displayed onthe display when the request was received. For example, the processormay determine the nature of the protected content displayed by comparingthe displayed content to the content stored on the third party computer.Based on the nature of the protected content and the user of the mobiledevice, the processor determines a remedial action to perform. Theprocessor may determine the remedial action by using a lookup table.Finally, the third party computer sends an indication of the remedialaction to perform to the mobile device 12.

FIG. 2 depicts communication of data within the mobile device 12 andbetween the mobile device 12 and the server 14. In the figure, theapplication 24 running on the mobile device 12, optionally sends arequest for protected content 52 to the server 14. For example, if auser requests to view their bank statement or other financial data, arequest for protected content 52 may be sent to the server 14. Theserver 14 receives the request 52 and, assuming that all requiredsecurity procedures are satisfied (e.g., the user authenticates with theserver), protected content 26 is sent to the application 24.Alternatively, the protected content 52 may be stored within the memory22 of the mobile device 12. In this example, the application 24 mayaccess the protected content 26 directly from the memory 22 withoutsending a request for protected content 52 to the server 14.

Upon receiving the protected content 54, the application 24 causes thedisplay 30 to display the protected content 26. The mobile device 12also includes a device input 34. If the operating system 28 receives arequest to record displayed content 56 from the device input 34, thenthe request 56 may be passed to the application 24. Alternatively, asopposed to passing the request to record 56 to the application 24, theoperating system 28 may request information regarding the contentdisplayed at the time that the request to record content 56 wasreceived. In either case, the application 24 may notify the operatingsystem 28 that a security breach occurred 28 if the content beingdisplayed when the request to record 56 was received was protectedcontent. The application 24 may alternatively or additionally notify theserver 14 if a security breach 28 occurred.

After it is determined that a security breach 28 occurred, instructionsto perform a remedial action 60 may be received. The instructions may bereceived by at least one of the server 14, the operating system 28, orthe application 24. The instructions to perform the remedial action 60may be provided by at least one of the server 14, the operating system28, or the application 24. For example, the application 24 may contain alist of default remedial actions to perform until further instructionsare received from the operating system 28 or the server 14. For example,the application 24 may be configured to only display non-protectedcontent until further instructions are received from the server 14. Theserver 14 may then send instructions to perform a remedial action, suchas locking down the application 24 so that no content is accessiblethrough the application 24.

Turning to FIG. 3, a block diagram is shown depicting a method 100 forsecuring data by detecting a request to record content. Following thestart of the method 100 in process block 102, the method 100 determinesin decision block 104 whether a request to record content currentlydisplayed on a display of the mobile device was received. If a requestwas not received, then the method returns back to decision block 104. Ifa request was received, then process block 108 is performed.

In process block 108, the content displayed on the display when therequest to record currently displayed content was received is detected.In process block 110, it is determined whether the content displayed onthe display when the request was received is protected content ornon-protected content. As described above, the type of content displayedmay be determined by the application 24 generating the content beingdisplayed. For example, if the application 24 is identified as aprotected application, then any content displayed by the application 24is determined to be protected content. Alternatively, the application 24may be polled to determine whether the content being displayed when therequest was received is protected content. In decision block 112, if thedisplayed content is non-protected content, then the method returns todecision block 104. If the displayed content is protected content, thenthe method 100 moves to process block 114.

In process block 114, a third party is notified that a security breachhas occurred. As described above, the notification that the securitybreach occurred may include information identifying at least one of themobile device or a user of the mobile device. The notification that asecurity breach occurred may alternatively or additionally include arecord of the content displayed on the display when the request wasreceived. In process block 116, a remedial action is performed. Asdescribed above the remedial action may be performed only afterreceiving a request to perform the remedial action.

The method 100 may run as a background process on the mobile device 12.The method 100 may be included as a part of the operating system 28, theapplication 24, or as a standalone application.

Data (e.g., the request for protected content 52, the protected content26, notification that a security breach occurred 58, and remedial action60) may be transferred over a network 44 connecting the mobile device 12and the server 14. The network 44 may be at least one of a TCP/IPnetwork or a system bus. For example, when a user attempts to transferdata via a USB port, the network 44 would comprise the system busconnecting the USB port and the memory 22 of the mobile device 12.

As will be understood by one of ordinary skill in the art, the network44 is not limited to a single LAN, but may comprise any suitable networkof devices. For example, the predefined areas 80 may comprise acollection of LANs, a Bluetooth Network, the Internet, etc.

As will be understood by one of ordinary skill in the art, thetransmission of data (e.g., the request for protected content 52, theprotected content 26, notification that a security breach occurred 58,and remedial action 60) may be transmitted using any suitable protocol(e.g., TCP/IP, Bluetooth, SMTP, HTTP, SSL, PPP, IMAP, or any othersuitable network protocol).

The processor of the mobile device 12 may identify the location of thecorresponding device using a global positioning system (GPS) device,cellular triangulation, WI-FI positioning, or any other suitabletechnique or device to determine location.

As will be understood by one of ordinary skill in the art, theprocessors of the mobile device 12 and server 14 may have variousimplementations. For example, each of the processors may include anysuitable device, such as a programmable circuit, integrated circuit,memory and I/O circuits, an application specific integrated circuit,microcontroller, complex programmable logic device, other programmablecircuits, or the like. Each of the processors may also include anon-transitory computer readable medium, such as random access memory(RAM), a read-only memory (ROM), an erasable programmable read-onlymemory (EPROM or Flash memory), or any other suitable medium.Instructions for performing the methods described above may be stored inthe non-transitory computer readable medium and executed by therespective processor identified in the description of the method. Eachof the processors may be communicatively coupled to the respectivecomputer readable medium and network interface through a system bus,mother board, or using any other suitable structure known in the art.

The network interfaces of the mobile device 12, server 14, andpredetermined server 14 may each be communicatively coupled to one ormore other host devices 12 and receiving devices 14 via a network 44.The network 44 may be an open network, such as the Internet, a privatenetwork, such as a virtual private network, or any other suitablenetwork. Each of the network interface may be configured to transmitand/or receive data.

As will be understood by one of ordinary skill in the art, each of thenetwork interfaces may comprise a wireless network adaptor, an Ethernetnetwork card, or any suitable device for performing network basedcommunication between devices. Each of the network interface may becommunicatively coupled to the respective computer readable medium suchthat each network interface is able to send data stored on therespective computer readable medium across the network 44 and storereceived data on the respective computer readable medium. Each of thenetwork interface may also be communicatively coupled to the respectiveprocessor such that the processor is able to control operation of thenetwork interface. The respective network interfaces, computer readablemedium, and processors may be communicatively coupled through a systembus, mother board, or using any other suitable manner as will beunderstood by one of ordinary skill in the art.

Although the invention has been shown and described with respect tocertain exemplary embodiments, it is obvious that equivalents andmodifications will occur to others skilled in the art upon the readingand understanding of the specification. It is envisioned that afterreading and understanding the present invention those skilled in the artmay envision other processing states, events, and processing steps tofurther the objectives of system of the present invention. The presentinvention includes all such equivalents and modifications, and islimited only by the scope of the following claims.

What is claimed is:
 1. A mobile device configured to prevent electronicdata from being compromised, the mobile device comprising: anon-transitory computer readable memory; a network interface; a displayconfigured to display protected content and non-protected content; and aprocessor configured to: access protected content; detect a securitybreach by: receiving a request to record content currently displayed onthe display; detecting the content displayed on the display when therequest to record currently displayed content was received; anddetermining that the content displayed on the display when the requestwas received is the protected content; and if a security breach isdetected: notify a third party via the network interface that thesecurity breach occurred; and perform a remedial action.
 2. The mobiledevice of claim 1, wherein the content is determined to be protectedcontent if an application executed by the processor and generating thecontent being displayed is flagged as a protected application.
 3. Themobile device of claim 1, wherein the processor is configured todetermine that the content displayed on the display when the request wasreceived is the protected content by: notifying an applicationgenerating the content being displayed that the request to recordcontent was received; and receiving from the application an indicationthat the content being displayed is the protected content.
 4. The mobiledevice of claim 1, wherein the notification that the security breachoccurred includes information identifying at least one of the mobiledevice or a user of the mobile device.
 5. The mobile device of claim 4,wherein the identifying information includes at least one of a username,a geo-location of the device, a device identifier, or an image capturedby a camera of the mobile device after the request to record wasreceived.
 6. The mobile device of claim 1, wherein the notification tothe third party includes multiple notifications sent to differentnetwork locations.
 7. The mobile device of claim 1, wherein thenotification that the security breach occurred includes a record of thecontent displayed on the display when the request was received.
 8. Themobile device of claim 1, wherein the remedial action comprises at leastone of deleting data stored on the mobile device, capturing an image ofa user of the mobile device when the request to capture a screen shotwas received, disabling the mobile device, or disabling logincredentials used to access the protected content.
 9. The mobile deviceof claim 1, wherein the processor performs the remedial action afterreceiving a request via the network interface to perform the remedialaction.
 10. A method to prevent data viewed on a mobile device frombeing compromised, the method comprising: receiving a request to recordcontent currently displayed on a display of the mobile device; detectingthe content displayed on the display when the request to recordcurrently displayed content was received; determining if the contentdisplayed on the display when the request was received is the protectedcontent; if the content displayed when the request was received is theprotected content: notify a third party via a network interface of themobile device that the security breach occurred; and perform a remedialaction.
 11. The method of claim 10, wherein the content is determined tobe protected content if an application generating the content beingdisplayed is flagged as a protected application.
 12. The method of claim10, wherein the content displayed on the display when the request wasreceived is determined to be the protected content by: notifying anapplication generating the content being displayed that the request torecord content was received; and receiving from the application anindication that the content being displayed is the protected content.13. The method of claim 10, wherein the notification that the securitybreach occurred includes information identifying at least one of themobile device or a user of the mobile device.
 14. The method of claim13, wherein the identifying information includes at least one of ausername, a geo-location of the device, a device identifier, or an imagecaptured by a camera of the mobile device after the request to recordwas received.
 15. The method of claim 10, wherein the notification thatthe security breach occurred includes a record of the content displayedon the display when the request was received.
 16. The method of claim10, wherein the remedial action comprises at least one of deleting datastored on the mobile device, capturing an image of a user of the mobiledevice when the request to capture a screen shot was received, disablingthe mobile device, or disabling login credentials used to access theprotected content.
 17. The method of claim 10, wherein the remedialaction is performed after receiving a request to perform the remedialaction.
 18. A system configured to prevent data viewed on a mobiledevice from being compromised, the system including: the mobile devicecomprising: a non-transitory computer readable memory, a networkinterface, and a display; and a processor configured to: accessprotected content; detect a security breach by: receiving a request torecord content currently displayed on the display; detecting the contentdisplayed on the display when the request to record currently displayedcontent was received; and determining that the content displayed on thedisplay when the request was received is the protected content; and if asecurity breach is detected, sending a notification to a third partycomputer via the network interface, wherein the notification indicatesthat the security breach occurred; and the third party computercomprising: a communication interface configured to communicate with thenetwork interface of the mobile device and receive the notification fromthe mobile device; a processor configured to: receive the notificationfrom the communication interface, wherein the notification includesinformation regarding the protected content displayed on the displaywhen the request was received and a user of the mobile device; determinethe nature of the protected content displayed on the display when therequest was received; based on the nature of the protected content andthe user of the mobile device, determine a remedial action to perform;send an indication of the remedial action to perform to the mobiledevice; wherein the processor of the mobile device is further configuredto perform the remedial action indicated by the third party computer.